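/**
 * Inserts or updates a sysUGrps record (a user or a group).
 *
 * Access rules, in the order they are applied:
 *  - ugr_Type == 'user' with ugr_ID < 1 is a self-registration: allowed only while the
 *    database setting sys_AllowRegistration is enabled, and only with a correct captcha
 *    answer when the session holds one (no captcha check is made otherwise);
 *  - any other record requires $system->is_admin2($recID) for the current user.
 *
 * Before the write, another record already using the submitted ugr_Name or ugr_eMail is
 * rejected. A submitted ugr_Password is stored as hash_it() of the plaintext; an empty one
 * leaves the stored password untouched. An anonymous (not logged in) caller can only create
 * users with ugr_Enabled = 'n'. After a successful write, user_EmailAboutNewUser is called
 * for anonymous registrations and user_EmailApproval for other new users and for approvals.
 *
 * @param object $system  Heurist system object (get_system, is_admin2, get_mysqli,
 *                        get_user_id, addError)
 * @param array  $record  column => value map for sysUGrps; ugr_Captcha is consumed here
 *                        and never written to the table
 * @return mixed  the result of mysql__insertupdate (the affected record id) on success;
 *                false on any failure, with the reason recorded through $system->addError
 *                (user_Validate and the user_Email* helpers are expected to record their own)
 */
function user_Update($system, $record)
{
    if (!user_Validate($system, $record)) {
        // no error is recorded at this level (the former
        // 'All required fields are not defined' message here is disabled)
        return false;
    }

    $recID = intval($record['ugr_ID'] ?? 0);
    $rectype = $record['ugr_Type'] ?? null;
    $is_registration = ($rectype === 'user' && $recID < 1);

    if ($is_registration && $system->get_system('sys_AllowRegistration') == 0) {
        $system->addError(HEURIST_REQUEST_DENIED, 'Registration is not allowed for current database');
        return false;
    }
    if (!$is_registration && !$system->is_admin2($recID)) {
        $system->addError(HEURIST_REQUEST_DENIED, 'Operation denied. Not enough rights');
        return false;
    }

    // SMTP availability is not verified here (the former checkSmtp() guard was disabled)
    if ($is_registration && user_Update_captchaFailed($system, $record)) {
        return false;
    }
    // the captcha answer is request data, not a sysUGrps column: strip it before the write
    unset($record['ugr_Captcha']);

    $mysqli = $system->get_mysqli();
    if (user_Update_findDuplicate($mysqli, $record, $recID) > 0) {
        $system->addError(HEURIST_INVALID_REQUEST, 'The provided name or email already exists');
        return false;
    }

    $is_approvement = false;
    // plaintext password is kept only to be forwarded to user_EmailApproval below
    $tmp_password = null;
    if ($rectype === 'user') {
        if ((string)($record['ugr_Password'] ?? '') !== '') {
            $tmp_password = $record['ugr_Password'];
            $record['ugr_Password'] = hash_it($tmp_password);  // only the hash is stored
        } else {
            unset($record['ugr_Password']);  // empty: leave the stored password untouched
        }
        if ($system->get_user_id() < 1) {
            // not logged in: a self-registered account always starts disabled
            $record['ugr_Enabled'] = 'n';
        }
        if (($record['ugr_Enabled'] ?? null) === 'y') {
            $is_approvement = user_isApprovement($system, $recID);
        }
    }

    $res = mysql__insertupdate($mysqli, 'sysUGrps', 'ugr', $record);
    // a non-numeric result is the error detail; 0 is never a valid record id
    if (!is_numeric($res) || $res <= 0) {
        $system->addError(HEURIST_DB_ERROR, 'Cannot update record in database', $res);
        return false;
    }
    $new_recID = $res;

    if ($rectype === 'user') {
        $rv = true;
        if ($recID < 1 && $system->get_user_id() < 1) {
            // anonymous self-registration
            $rv = user_EmailAboutNewUser($system, $new_recID);
        } elseif ($recID < 1 || $is_approvement) {
            $rv = user_EmailApproval($system, $new_recID, $tmp_password, $is_approvement);
        }
        if (!$rv) {
            // the user_Email* helper is expected to have recorded the reason
            return false;
        }
    }
    // a new group (rectype != 'user', recID < 1) gets no admin assigned here:
    // the former changeRole() call for the creator is disabled

    return $res;  // affected record id
}

/**
 * Checks the registration captcha answer against the code kept in the session.
 *
 * When the session holds no captcha_code no check is made. On a mismatch the error is
 * recorded and the session code is kept, so the next attempt is still challenged; the
 * code is consumed only after a correct answer.
 *
 * @param object $system  Heurist system object (addError)
 * @param array  $record  submitted record; ugr_Captcha holds the user's answer
 * @return bool  true when the answer was required and wrong
 */
function user_Update_captchaFailed($system, $record)
{
    $expected = $_SESSION['captcha_code'] ?? null;
    if (!$expected) {
        return false;
    }
    $given = trim((string)($record['ugr_Captcha'] ?? ''));
    // strict string comparison: loose == would equate numerically-equal answers
    if (!hash_equals((string)$expected, $given)) {
        $system->addError(HEURIST_UNKNOWN_ERROR, 'Are you a bot? Please enter the correct answer to the challenge question');
        return true;
    }
    unset($_SESSION['captcha_code']);  // single use
    return false;
}

/**
 * Finds another sysUGrps record that already uses the name or e-mail submitted in $record.
 *
 * Only the fields actually present (and non-empty) in $record are compared, so a partial
 * update does not match rows with empty values; the record's own id is excluded so an
 * update of an existing record does not collide with itself.
 *
 * @param mysqli $mysqli
 * @param array  $record  submitted record (ugr_Name, ugr_eMail are read)
 * @param int    $recID   id of the record being saved, < 1 for a new one
 * @return int  id of a conflicting record, or 0 when there is none or nothing to compare
 */
function user_Update_findDuplicate($mysqli, $record, $recID)
{
    $conditions = [];
    foreach (['ugr_Name', 'ugr_eMail'] as $field) {
        $value = (string)($record[$field] ?? '');
        if ($value !== '') {
            $conditions[] = $field . "='" . $mysqli->real_escape_string($value) . "'";
        }
    }
    if (!$conditions) {
        return 0;
    }
    $query = 'select ugr_ID from sysUGrps where (' . implode(' or ', $conditions)
        . ') and ugr_ID<>' . intval($recID);
    // mysql__select_value is assumed to return the first value or null/false when no row matches
    return intval(mysql__select_value($mysqli, $query));
}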
// tail of the password-hashing function whose start is outside this listing:
// a two-character salt from the crypt() alphabet, drawn with rand() (not a cryptographic
// generator; random_int() is the fitting source). A two-character salt selects the legacy
// DES crypt() scheme — password_hash() is the modern replacement.
    $s = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./';
    $salt = $s[rand(0, strlen($s) - 1)] . $s[rand(0, strlen($s) - 1)];
    return crypt($passwd, $salt);
}

// Password-reset handler: any request that names an existing user (by name or e-mail)
// immediately replaces that account's password and mails the new one in plaintext.
// No proof of ownership (e.g. a confirmation link) is required, so whoever knows a
// username can invalidate that account's password.
if (@$_REQUEST['username']) {
    mysql_connection_overwrite(USERS_DATABASE);
    // ext/mysql escaping (removed in PHP 7); the value is interpolated inside double quotes below
    $username = mysql_real_escape_string($_REQUEST['username']);
    $res = mysql_query('select ugr_ID,ugr_eMail,ugr_FirstName,ugr_Name from sysUGrps usr where usr.ugr_Name = "' . $username . '" or ugr_eMail = "' . $username . '"');
    // $res is false on a query error and $row is false when no row matches; neither is checked here
    $row = mysql_fetch_assoc($res);
    $username = $row['ugr_Name'];
    $user_id = $row['ugr_ID'];
    $email = $row['ugr_eMail'];
    $firstname = $row['ugr_FirstName'];
    if ($user_id) {
        $new_passwd = generate_passwd();
        // NOTE(review): the stored value is the literal "******" — presumably masked in this
        // listing; confirm the real code stores a hash of $new_passwd, otherwise the emailed
        // password can never be used. The update is done before the mail is known to succeed.
        mysql_query('update sysUGrps usr set ugr_Password = "******" where ugr_ID = ' . $user_id);
        $email_title = 'Password reset';
        $email_text = "Dear " . $firstname . ",\n\n" . "Your Heurist password has been reset.\n\n" . "Your username is: " . $username . "\n" . "Your new password is: " . $new_passwd . "\n\n" . "To change your password go to Profile -> My User Info in the top right menu.\nYou will first be asked to log in with the new password above.";
        $email_header = 'From: ' . HEURIST_MAIL_TO_INFO;
        $rv = sendEmail($email, $email_title, $email_text, $email_header);
        if ($rv == "ok") {
            print '<p>Your password has been reset. You should receive an email shortly with your new password.</p>' . "\n";
        } else {
            // presumably sendEmail's error text; it is emitted into the page unescaped
            print '<p style="color: red;">' . $rv . '</p>' . "\n";
        }
    } else {
        // the response distinguishes existing accounts from unknown names
        $error = '<p style="color: red;">Username does not exist</p>' . "\n";
    }
}
if (!@$_REQUEST['username'] || @$error) { ?>
// Owner set-up branch (its opening `if` is outside this listing). Each check overwrites
// $LOGIN_ERROR, so only the last failing message survives — and nothing below consults
// $LOGIN_ERROR before the UPDATE runs, unless a check exists outside this excerpt.
// strlen() counts bytes, not characters.
    if (!$username) { $LOGIN_ERROR = 'Username is mandatory'; }
    if (!$password) { $LOGIN_ERROR = 'Password is mandatory'; }
    if (strlen($username) < 5) { $LOGIN_ERROR = 'Username must be 5 characters at least'; }
    if (strlen($password) < 5) { $LOGIN_ERROR = 'Password must be 5 characters at least'; }
    $eMail = @$_REQUEST['email'];
    mysql_connection_insert(USERS_DATABASE);
    // Make the current user the owner and admin of the new database
    // (ugr_ID=2 is the owner account). NOTE(review): ugr_Password="******" is presumably
    // masked in this listing; confirm the real code stores a hash of $password.
    mysql_query('UPDATE ' . USERS_TABLE . ' SET ' . ($eMail ? ' ugr_eMail="' . mysql_real_escape_string($eMail) . '", ' : '') . 'ugr_Name="' . mysql_real_escape_string($username) . '", ' . 'ugr_Password="******" WHERE ugr_ID=2');
    if (mysql_error()) {
        // the raw database error text is shown to the visitor; the second statement is a bare
        // string literal (no print), so the "contact developers" line is never output, and the
        // heading is opened twice (<h2> ... <h2>) instead of being closed
        print "<h2>Unable to update owner email and password for database<h2> SQL error:" . mysql_error();
        "<p>Please contact Heurist developers for help</p>";
    } else {
        $needRegistration = false;
        // the validated values are written back into the request, presumably for a login step
        // that follows — confirm against the rest of the page
        $_REQUEST['username'] = $username;
        $_REQUEST['password'] = $password;
    }
} else {
    mysql_connection_select(USERS_DATABASE);
    //verify that this database has proper owner userId=2
    // $res is false on a query error and mysql_fetch_assoc() then warns; the sentinel
    // "TO BE RESET" in the password column marks an owner account not yet set up
    $res = mysql_query('select ugr_Password from ' . USERS_TABLE . ' where ' . USERS_ID_FIELD . ' = 2');
    $needRegistration = ($user = mysql_fetch_assoc($res)) && $user[USERS_PASSWORD_FIELD] == "TO BE RESET";
}
// $needRegistration is left unassigned on the error path above (unless set earlier)
if (!$needRegistration) {